There is another way to do (1): bond the two interfaces at the network
level. That way you just point Ntop at the bond interface and are free
to monitor others, receive flows, etc. without merging interfaces. This
has become my preferred Ntop hardware configuration - 3 NICs, one for
management and flow reception, the other two bonded and attached via
passive tap.

Granted, this takes some work that is outside the scope of this list.

C

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Burton Strauss
Sent: Thursday, April 14, 2005 9:17 AM
To: [email protected]
Subject: RE: [Ntop] Watching Internet Connection: Mirror Port or Cisco
flows?

The advantage of netFlow is the implicit compression - 15 (or more or
less) packets in one 1500 byte packet vs. 15 packets each of whatever
length.  The disadvantage is that you lose the layer 2 (Ethernet) and
internal (deep packet inspection) details.  That's a trade-off decision
that depends on what you need to pull out of the data.

There are two other ways you can grab the data, vs. span.

(1) A passive tap.  It's easy to build for 10- and 100-BaseT
(instructions are at snort.org).  Just remember that you will need TWO
interfaces on the ntop box (one for each direction) and you MUST merge
the traffic (the default, but this means stay away from netFlow!).

(2) A true hub.  Not a switching hub, but a true hub.  These aren't easy
to find, but older 3Coms and Linksyses work great.

Span, too, will certainly work.

In either case, remember you don't need to assign (*and don't want to)
an IP address to the monitoring interface(s).

-----Burton
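
The bonded-tap setup described in the reply at the top of this thread, as an added example (not from either poster or the ntop project). It assumes Linux with iproute2 and the bonding driver; the names bond0, eth1 and eth2 are placeholders, and the monitoring NICs are left without an IP address as advised above.

```shell
#!/bin/sh
# Added example: bond the two receive NICs of a passive tap into one
# capture-only interface. bond0/eth1/eth2 are assumed names; use your own.

# Print the commands that build the bond; nothing is executed here.
bond_tap_cmds() {
    bond=$1; nic_a=$2; nic_b=$3
    if [ $# -ne 3 ] || [ "$nic_a" = "$nic_b" ]; then
        echo "usage: bond_tap_cmds BOND NIC_A NIC_B (two distinct NICs)" >&2
        return 1
    fi
    # Reject anything that is not a plain interface name before it reaches a shell.
    for name in "$bond" "$nic_a" "$nic_b"; do
        case $name in
            ''|*[!A-Za-z0-9_-]*) echo "bad interface name: $name" >&2; return 1 ;;
        esac
    done
    # The bonding mode matters little on a receive-only tap.
    echo "ip link add $bond type bond mode balance-rr"
    for nic in "$nic_a" "$nic_b"; do
        echo "ip link set dev $nic down"           # must be down before enslaving
        echo "ip addr flush dev $nic"              # monitoring NICs carry no address
        echo "ip link set dev $nic master $bond"
    done
    # Keep the kernel from autoconfiguring an IPv6 link-local address on the bond.
    echo "sysctl -w net.ipv6.conf.$bond.disable_ipv6=1"
    echo "ip link set dev $bond up promisc on"
}

# Default is a dry run that prints the plan; set APPLY=1 (as root) to execute it.
plan=$(bond_tap_cmds "${BOND:-bond0}" "${NIC_A:-eth1}" "${NIC_B:-eth2}") || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$plan" | sh -e
else
    printf '%s\n' "$plan"
fi
```

Once the bond is up, point ntop at it (for example `ntop -i bond0`) and keep the third NIC for management and flow reception.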
 


